Has My Cell Number Been Cloned?

2bepissedoff asks: "According to my T-mobile phone bill, I have been receiving incoming calls from a 'NBR unavailable', since February, with talk time ranging from 1 minute to an hour. The strangest thing is, I have never received these calls (my phone doesn't ring and I haven't talked to the caller). I only started noticing them when my phone bill was charged over $40 more than my regular bill. Of course, I have a family plan (2 people only, 2 lines) and I talked to my partner. The answer: he too had not received any of these calls, especially over 300 minutes per month of them. We called up T-mobile twice and claim the possibility of phone cloning. Both representatives hung up on me, thinking I was trying to con them or something. Any advice to what this could be?"

I did a little investigation and I've noticed that some of the NBR minutes overlap with calls I actually make. For example:

'2/22 at 3:28 pm "NBR unavailable" 17mins usage.
2/22 at 3:44 pm "-(# I made)---" 3mins usage.

So if you add up the time 3:28pm + 17 mins = 3:45 pm. The time when I made my call was at 3:44 pm. This reoccurs several times. I still do not think this is enough evidence to convince T-mobile of Phone Cloning. So I am thinking of switching either my number or my service provider. "

switching the number won't work

[Incongruity]

without changing your SIM card, changing the # won't make a difference, I believe.

Get a new account -- new SIM's for both you and your partner and do it sooner rather than later, for your sake =)

Do Not Put Up With That

[eldavojohn]

Both representatives hung up on me, thinking I was trying to con them or something. Any advice to what this could be?

Here's some advice: Don't take that shit.

You're a human being. But more importantly, you're a paying customer. Call them up, get the guy's name. Inform him that if he hangs up, you'll contact his supervisor. Then ask him what zip code these calls were made from, they should be able to figure that out. Verify that it's something reasonable.

If they won't believe you and you can convince them you're not making the calls, try calling the number and letting your phone ring. See if anyone picks up.

If that doesn't work, simply demand they change your number for you.

If they refuse to do that, be sure to inform them where you're taking your business.

Personally, I'd be pretty damned pissed if anyone ever hung up on me when I was simply inquiring as to why they were charging me money. In fact, I know right where I'd file [bbb.org] that complaint.

If I had a credit card associated with the account, I'd call my credit card company and dispute the charge. You explain to the credit card company that they hung up on you twice. What the operator will do is put you on hold while they contact T-Mobile. The operator should introduce you to the T-Mobile rep and try to resolve the issue. If T-Mobile has a call from a credit card company, I'm certain they'll be a bit more understanding when they're looking at the possibility of having to chase down a stopped payment.

I've had this problem also..

[GonzoTech]

.. With Verizon Wireless. They wouldn't help me resolve the issue over tech support forums, or through phone call tech support. Know how I got it fixed?

I showed up at a Verizon Wireless sales center, yelling and complaining (trust me, I can throw quite the tantrum,) until a manager finally got in touch with someone to fix the issue.

I got three months of free service for the trouble.. and since I've had perfect phone bills.

Never underestimate the power of being an ass when you're not treated fairly..

Why make things difficult?

[gellenburg]

Why make it more complicated than it needs to be?

Just dispute those calls with T-Mobile and let them figure it out.

If your bill was over by $40 go back and tell them you didn't receive this call, you didn't receive that call, didn't make that call, etc.

They have the data to know when and where the calls were received based on the cell towers that the phone was received from.

Keep escalating the issue dude.

Call back and immediately ask to speak with a supervisor.

Get names.

Record the dates and time you called and who you spoke with.

Keep escalating up the chain of command if you have to.

If that doesn't work, file a formal complaint with the FCC and your State's Public Service Commission. That'll definitely get their attention.

Good luck!

Get in T-Mobile's Face

[rizzo]

Did you really need to "Ask Slashdot" about this? If T-Mobile's CSRs hung up on you, then you march down to the nearest store and let loose on the first salesperson you see. You *should* have gotten the names of those CSRs (I always make a point of writing down the person's name when I call any kind of support) to give to whoever it is that finally *does* take your complaint. Either they or their manager should be fired.

And, once you get this issue resolved, leave T-Mobile.

Overlap

[RomulusNR]

Most GSM phones can handle two calls at once (a la call waiting/etc.), so overlapping times doesn't prove cloning.

The only theoretical way I am aware of to clone a GSM phone is to copy the SIM or have a SIM with the same subscriber number.

A simple fix would be to get a new SIM card. You can get your existing number transferred over to the new card. If its a card clone, then a new card will solve the problem.

Dunno why the customer service kept hanging up on you (was it really a hangup or a dropped call?), considering they supposedly have the best customer service in the business.

Re:Do Not Put Up With That

[barzok]

Don't bother with the BBB. Your time is better spent moving up the T-Mobile chain of command. The BBB has no teeth and won't help your case against them.

I filed a claim with the BBB a couple years ago and all I did was fill out paperwork (well, web forms). I was never interviewed by the BBB, never called by the BBB, and they never (to my knowledge) contacted the company I filed the claim against to work with them as my advocate. I have no evidence that they did anything at all.

The hours I spent documenting & compiling everything for the BBB, everything I sent them, may as well have been pitched into a black hole.

Call Waiting

[Jhon]

So if you add up the time 3:28pm + 17 mins = 3:45 pm. The time when I made my call was at 3:44 pm. This reoccurs several times.

This can occur if your plan has call waiting or 3 way calling. I speak from the experience of an elder monitoring the cell phone usage of teenagers (who should NEVER EVER EVER have cell phones in my opinion).

If you've got T-Mobile, the bill should break down WHICH phone is receiving the call (either yours or your partners). If it's happening on your partner's bill, I would suggest it's more likely that your partner is lying to you than the phone was cloned (just statistically speaking -- nothing against your partner).

Another possibility is that the entry on your bill is "bogus". The result of a computer glitch and you'll need T-Mobiles help to resolve the problem.

The Problem is....

[Grantisimo]

The problem is that t-mobile does not acknowledge that cloning exists on their network. I used to work in T-mobile customer care. We got calls about this at least once a week. Most were just paranoia. The answer was always the same; "It is impossible to clone a SIM." Not much that you can do against that.

Re:switching the number won't work

[Bob535]

I agree, working for a Cellular Company, the easiest way to fix this would be to call in and ask for them to replace your SIM card. No need for a new account, just ask them to send you out new SIMs. If this doesnt fix the problem, ask for a ticket to be filed and an engineer to call you back with the explaination. The agents dont know anything anyways.

t-mobile can't hang up

[Anonymous Coward]

hate to tell ya, but i used to work in a t-mobile call center, and it is not possible to hang up, they are not using phones to talk to you they are using a computer terminal that has T-mobile's proprietary software on it and well, there IS NOT a hang up button.

Re:switching the number won't work

[SenseiLeNoir]

If its a GSM phone, I very much doubt any cloning has occured for the following reasons.

BTW, I used to work for Logica, in the telecoms division, and have a LOT of knowledge of GSM systems, and how they work. I am also a T-Mobile (UK) customer.

Remember these facts:

- A GSM phone has a unique IMEI number.
- Each GSM phone has a unique SIM card with a unique SIM number. This SIM number is attacted on a central computer to your account.
- Although the SIM card does contain your number, it is many for informative, and not operational purposes.

When you switch on your phone and it logs onto your network, it sends its IMEI number, and its SIM number to the network. The network then looks up the SIM number and associates it with a number. As it stands, only one SIM number can ever be associated with a phone number. When i tried getting a new SIM to replace my aging SIM, the old one was disconnected before the new SIM was issued, as it is simply not possible to associate a number with two SIMs. You can associate a SIM with two or more numbers, but not the other way round.

If someone HAS cloned your SIM, and both phones are attached at the same time, the network would register a fault, as a SINGLE sim number is assiciated at two different locations. It woudl create a fault in the system which would prevent both yours and the clone SIM from working. This is actually one of the main reasons why Cellphones are not usable on Planes (even if it is prooven to be safe to the electronics). The phone woudl try to log onto multiple cells at the same time, causing a lot of strain on the network, or even malfunction.

A SIM can only be "effectively" cloned if the original was never used afterwards. If both the Original SIM and the Clone was used at the same time, the network will try and continuesly switch between the two cells its registered to, unless both are on the same cell. if both are on the same cell, further issues would happen.

I am not sayign that cloning is impossible, its just extremely unlikely.

I woudl think the most likely causes of this situation are:
- Are you *sure* your partner is not recieving the calls? Really sure?
- Maybe, if you visited another country (or performed roaming) there might be some residual temporary numbers assigned to your phone.

However, the way the records are kept, you shoudl find that its pretty easy for the phone company to determine what happend. Who made the phone call, what handset was in use, where the call was recieved.

Finally I do not know the laws of the US, but here in the UK, the first point of call if you think your phone has been cloned or if your believe that a crime has been committed regarding your phone is the POLICE.

In UK, if we recieve am abusive call, calling the phone company will not be any help. They will rightly ask you to contact the police first, and they will work with the police to resolve the matter.

Re:Suggestions

[bcattwoo]

3. Are you SURE your partner isn't really receiving these calls? I.e., have you been with him at known times when these alleged calls have come in?

I didn't get this part of the story. On my "Family Plan" bill from Verizon there are completely separate sections for each phone showing the calls made to and from that particular phone. I would assume that T-mobile indicates which phone the calls are being made to or from on its bill as well. No need to question the partner if the calls are being charged to the poster's phone. On the other hand ...

Re:You get charged for receiving calls?

[pe1chl]

Incoming calls don't cost me money, but when I am not careful and send a text message to a 4-digit number I could subscribe myself to continuous incoming text messages that cost me money.

In fact, some people already had the problem of sudden paid text messages without knowingly subscribing to such a service, and without information on how to unsubscribe.

The providers, who very well know how to invoice these services, suddenly hide behind bullshit "we do not know" and "we cannot tell" arguments when you try to find out who is behind such scams.

Reasons: how american cell plans work

[TheMCP]

American cell phone plans come with a largeish (600 - 1500) number of prepaid minutes attached to the plan... so, I pay $40 a month, but the first 1000 minutes of calling (in either direction) don't cost me anything more. Also, there are cheap add-ons to allow, or some plans even include, features such as free calls after 7:30pm or free calls on weekends or free calls to family members. (I can get both free nights and free weekends for another $10 a month, for example.)

So, put these things together and for $50 a month (just slightly more than the cost you mention for your monthly bill) you can end up paying a bill that doesn't actually charge you for any calls except calls to non-family members made before 7pm on weekdays that exceed the first 1000 minutes. For most people, that far exceeds actual usage, so they don't care if incoming calls are being included because they almost never end up paying a per-minute rate anyway.

To sum up

[goldcd]

It's virtually impossible to close a GSM phone - and surely if somebody had, they'd have been making obscenely expensive outgoing calls on it. Two possibilities:
T-Mobile have cocked up - they can easily check the calls and get more information about them to confirm if this is the case.
Your partner is lying/mistaken about receiving calls. If I had a suspicious mind, I'd just 'borrow' his phone and check the call log on the handset - see if one of the mysterious calls appears there.

Re:switching the number won't work

[SenseiLeNoir]

Note i said SIM NUMBER.. not SIM ;)

it is possible, and indeed within the spec to have two SIMs attached to a phone number. When a call is recieved, both phone are alerted, and whoever "picks up" answers.

Each SIM NUMBER has to be unique. if two physical phones with the same SIM number connects, the system will not be abel to tell them apart, and will fault.

If a SIM is cloned in such a way that two different SIMs with different numbers have the same phone number, that "clone" would have to be created by the phone company (which would need to adjust their database), and therefore is an inside job, not by Mr Joe down the street.

Re:Do Not Put Up With That

[mutterc]

Not very many people know quite what the BBB's powers are:

• Stats collection, as others have noticed. Anyone can get a report on a company and find out how many complaints (and, more importantly, unresolved complaints) have been filed.
• If the company is a BBB member, then all complaints must get resolved (note that this doesn't mean resolved in the customer's favor), or the company's membership gets dropped. BBB provides arbitration to facilitate this.

That's pretty much it.

A selection of things they can't do:

• Force any company to do anything. They can terminate a member's membership (and keep them from using the BBB logo, etc.) but that's it. They have no authority at all over non-members.
• Know about every company. (E.g. I can go into business without notifying anybody except licensing boards and taxing authorities; I certainly don't need the BBB's permission).
• Tell you some company is legit, non-legit, a scam or not, etc. You have to make up your own mind after reading the report. (Think of the slander lawsuits, even from scamsters!) There are exceptions for blantantly illegal things like foreign lotteries, fake cashier's check scams, etc.
• Give customers legal advice (the legal industry would rather they didn't, and BBB CSR's would rather not be liable for practicing law without a license). They'll certainly refer you to the AG, postal inspectors, etc. if you want help putting the legal smackdown on a scamster. If you just want to know whether something a company did was legal, gotta ask a real lawyer.

Re:I'm skeptical - T-Mobile service is great

[Johnboi Waltune]

I've had very bad experiences with T-Mobile. Last week I called to INQUIRE about their prepaid plan, and a couple days later, I found they had switched me over to it without my permission. After three calls, I managed to get them to switch back to my old plan. However, my mobile email no longer works, and the CSR I spoke to told me I never had mobile email for the past 2 years. She actually claimed I had imagined sending and receiving all those emails from my phone. Another CSR believed me, and claimed he could fix the problem, but he was unable to.

So... after 5 years with T-Mobile, I am ditching them due to the morons I spoke to. The only other GSM game in town seems to be Cingular. They have mobile email, but it's only MSN, Yahoo, AOL, etc.

Re:Do Not Put Up With That

[Mortanius]

Late last year and early this year I did a nine-month stint at Radio Shack, dealing a lot with both Sprint and Cingular customer service (oddly I almost never had to call Verizon for anything, their activation system worked like a charm for me), and yeah, cell phone companies hang up on everyone, even people selling phones for them. There's always a few bad apples, just call back and ask to go straight to a supervisor, make sure to get everyone's name that you talk to just in case.

And at the same time, remember, the CSR's aren't always able to give you the information you're asking them to, they aren't always just trying to brush you off. Instead of getting angry and shouting and cursing and, in one case, farting over the phone (go figure), just get their name and talk to a supervisor, they may still not be able to help you but might be able to direct you to someone who can.

While eldavojohn's suggestion may well be what it comes do, don't come out of the gate guns blazing, demanding this and that and not letting the rep speak. We're all humans, in spite of our best efforts if the person on the other end of the phone responds to our "Thanks for calling-" by shouting and demanding things without letting us speak, there's going to be some level of agitation, and that's going to interfere with reaching an acceptable resolution. Stay calm and be firm yet polite and things will be worked out with much less stress and much more quickly than they would be otherwise.

And please, for the love of god, don't file complaints against people like RS employees who don't even work directly for the phone companies, our hands are very tied in what we can do with the carriers. Being in a relatively well-to-do area, everyone had a holier-than-thou attitude and I ended up dealing with calls from my superiors almost daily about my employees who honestly did everything they could to make things right but just didn't have the power. Yeah, it's a pain to have to deal with middlemen who are forced to basically ask you to hold on while we get Sprint|Verizon|Cingular|Alltel|US Cellular|NEXTEL on the phone, but remember too though that most of the time we have our own numbers to use that take us straight to the people who (generally) have a clue.

(sorry, got ranty on that last one. :-P)

Re:Seems Wrong.. Cell phones work in airplanes...

[Andy Dodd]

Simple. Because the network was designed such that for users on the ground, it is NOT possible for a phone on the ground to be visible to more than one tower on the same frequency with similar signal strength, as towers in adjacent cells operate on different frequencies within the carrier's assigned band. If weird propagation DOES cause more than one tower on the same frequency to be able to hear the phone, it is easy for the network to figure out which tower is appropriate based on the signal strength. (The signal will be very weak at any tower other than the nearest one to the phone.)

This changes when a user goes above the maximum altitude of a user the system was designed to handle. All of a sudden the user will have LOS *with high signal strength* to multiple towers on the same frequency. In older systems, this could cause calls to be billed multiple times. In newer systems, multiple billing is eliminated and the network can handle it, EXCEPT that even if the phone is only communicating with a single tower, it will still cause significant interference with other towers that it normally would not, and as a result a handful of airborne users can significantly decrease the capacity of the network. Essentially, instead of being a single user in one cell for the purposes of capacity handling, they become an additional user in every cell within LOS of the aircraft. (Remember, even if they aren't actively communicating with a particular tower, their signal is still present and causes interference.)

Re:switching the number won't work

[Lumpy]

Remember these facts:

- A GSM phone has a unique IMEI number and the right phone can have it's IMEI changed to match yours
- Each GSM phone has a unique SIM card with a unique SIM number. This SIM number is attacted on a central computer to your account and the right sim can be cloned to match your sim.
- Although the SIM card does contain your number, it is many for informative, and not operational purposes. -- blatently false. Your phone does not work without the sim therefore it IS for operation purposes.

GSM CAN be cloned, I have seen it done. the phone's IMEI can be changed if you have the right gear and model of cellphone and yes you can clone a SIM serial number with the right sim (Sim=smartcard with a small formfactor not hard to get a 16f84 based one to emulate anything you want.)

Re:Similar problem = Cingular

[taustin]

Her response? "Computers don't make mistakes."

"Yeah, that's why there's a multi-billion dollar a year industry to repair them."

Re:switching the number won't work

[wfberg]

BTW, I used to work for Logica, in the telecoms division, and have a LOT of knowledge of GSM systems, and how they work.

That's not really a good advertisement for Logica then.

The IMEI has next to nothing to do with any sort of security function of GSM. It only identifies your handset, and some countries have a registry that they'll put your stolen phone's IMEI on so networks can prevent the handset's further use in that particular country among the operators that signed up to the registry, but IMEI is not checked against your subscription. In fact, that's one of the primary design tenets of GSM; subscription data is contained in the Subscriber Identity Module; the SIM.

is simply not possible to associate a number with two SIMs. You can associate a SIM with two or more numbers, but not the other way round.
This is false. Many operators offer dual SIM cards; both cards contain the same subscription data, and usually the last one activated is logged on to the network succesfully to receive incoming calls. Both can make outbound calls.

If someone HAS cloned your SIM, and both phones are attached at the same time, the network would register a fault
No, it works, though you will notice only one handset receiving calls. It's not registered as a fault (though it is registered).

A SIM can only be "effectively" cloned if the original was never used afterwards. If both the Original SIM and the Clone was used at the same time, the network will try and continuesly switch between the two cells its registered to, unless both are on the same cell. if both are on the same cell, further issues would happen.
Again, not true.

In fact, if certain algorithms are used (IIRC, COMP-128) it's even possible to reconstruct the SIM's KI and clone it using information eavesdropped over-the-air (be afraid!).

- Maybe, if you visited another country (or performed roaming) there might be some residual temporary numbers assigned to your phone.
Which numbers would those be? The connection between your MSISDN and most-likely (or actual) away-network is always looked up via the home registry; the away-registry doesn't associate any temporary MSISDNs to your SIM, it doesn't need to. And if it did, and someone misdialed such a random number, how would they be supposed to get through to you? Their home registry simply won't accept entries for SIMs from your network.

However, the way the records are kept, you shoudl find that its pretty easy for the phone company to determine what happend. Who made the phone call, what handset was in use, where the call was recieved.
Spoken as some one who's never tried to get a phone company to look up something in their records. Good luck trying that. Yes, it's technically feasible, but that doesn't mean phone companies are organizationally capable of doing this.

Finally I do not know the laws of the US, but here in the UK, the first point of call if you think your phone has been cloned or if your believe that a crime has been committed regarding your phone is the POLICE.
No, first call the phone company to report fraud, so they can put restrictions in place (e.g. no international calls, no premium toll numbers) to prevent ongoing abuse and rising phone bills, and report and investigate at leisure.

In UK, if we recieve am abusive call, calling the phone company will not be any help. They will rightly ask you to contact the police first, and they will work with the police to resolve the matter.
Again, no; "British Telecom has its own unit, which deals with nuisance calls. If you have not already reported it to BT then contact them on 150. They will investigate first and if they can trace the calls, you will then be advised to make a formal police report to your local police station. [police.uk] Cable & Wireless and mobile phone companies require that it be reported to police before they will deal with it. Attend your

Re:Unknown calls are bullshit

[onepoint]

net time you loose your phone, call the service department and tell them you lost your phone. they will pleasantly give you the location ( within 1 block ), the last 20 phone calls, and send that phone a text message. I've done this 3 times and got my phone back 3 times. it's all in the manner that you speak to the reps. also it does not hurt to keep your GPS active ( that helps pinpoint the phone to 1 block ).

Onepoint.

Re:No, Technology isn't magic.

[PayPaI]

You can press a phone code to turn off your call id, and number forwarding, so that the recieving party cannot trace you. (in the u.s.) This was done so that victims of abuse could call home without fear of being traced. The phone company dosen't get that number either.

Lies. [wikipedia.org] The company gets the number no matter what. CID blocking is just that: blocks anyone with "Caller ID" from getting your number. Anyone with ANI will still get it. Do you think that you could block CID when you call 911? "Sorry, we don't know where you are!"

moron, eh?

[Anonymous Coward]

1) i see nothing in the article you referenced to imply that *only* 800-number calls can be picked up, across the board. 2) Caller ID [wikipedia.org]: "... This special code does not block the information from companies using Call capture technology ... Emergency services will most likely be able to show the restricted number using a service called Calling Line Identification Restriction Override (CLIRO), or by using general ANI services."

the couple times i've been forced to call 911, they've certainly been able to locate me based on phone signal... and, well, i haven't got an 800-number, nor was i calling one.

so, while technology may not be "magic" ... the idea that "CALLER ID BLOCKED" is a be-all and end-all statement isn't necessarily "moronic", either.

Re:No, Technology isn't magic.

[egburr]

Even though TV tells you that cell phone triangulation is a common practice, it's not. Triangulating on a cell phone call requires police, on foot, with three antennas, to find the right signal and take a measurement, from there they sit down with a map and work it out. This isn't built into the phone system, and its certainly not automatic.

Triangulation is difficult, as you describe. However, I have visited my local police communications center, and I can verify that they DO get the information about which cell tower your call goes through when you place a 911 call. Yeah, that only narrows it to a circle with about a six mile radius.

It may not be as automatic if the police are tracking your phone around, but the technology is there. The cellular company should be able to identify the tower you're near if your phone is on, even if you're not using it right then. Over time, tracking your movement by cell tower, they should be able to get a decent idea of what road you're on.

But, the people in the stores won't have access to that, and the regular customer support people won't have access to that. Some cellular companies are even providing phone tracking on the web as an extra-charge service for your kids' phones.

HLR can only have one VLR profile for your sim

[Kodack]

Okay so in answer to the posters question:

When you power your mobile on it attatches to the network and is added to the local switches VLR (visitor location register) which is a database of who is on what switch and what radio and base station they are on. The MSC (mobile switching center) then sends a request to the HLR (home location register) which is like a VLR except instead of tracking what radio they are on, it tracks which MSC they are on. So if someone calls your phone, the system does an HLR lookup to see what MSC you are on, and then the call is sent to your current location.

If someone were cloning this persons mobile then they would be attatched to the network 'twice'. This is not allowed and it would cause the 2nd mobile to be unable to attatch to the network.

Think of it like this, your SIM card contains an IMSI (international mobile subscriber identifier) which is a long number that corresponds to your account. When you are attatched to the network it is by SIM/IMSI and the HLR notes which VLR you are in. If a 2nd phone tried to attatch with the same SIM/IMSI information then one of two things would happen because someone can't be in two VLR's at the same time. Either the new SIM would be rejected because the old one did not do a handover to the new VLR. Or the old SIM would be removed from it's current VLR and attempt to re-attach, which would kick off the other SIM/IMSI back and forth.

So if you leave your mobile powered up 24x7 your making it very difficult for someone else to get on the same network and pretend to be you because you can't be in two places at once. And as long as your sim is inserted and your phone is powered on you are attatched to the network, whether you make a call or not.

If you are still concerned have Tmobile set up a call trace on one of these calls or check the IMEI of the calling phone. IF it's in Europe they will have an EIR which keeps track of the IMEI (international mobile equipment identifier) which is like a serial number for the phone. Even if someone cloned your SIM they can't clone your IMEI so it will be different.

With a call trace they can track the LAC and CellID of anycall placed and tell you where it's originating.

Re:moron, eh?

[cg0def]

Yes caller id blocking is only so that you the end user cannot see who's calling you but the point was that the guy went to the store and was pissed off that the people there couldn't help him. Those people really have no access to the caller ids and they really cannot do much as to finding your phone if it gets lost.

Re:switching the number won't work

[DM9290]

I also work at a telecom company (I will not identify which), and am involved with the development of logic for real time processing of phone calls. You put far too much faith in telecom systems checking for what may or may not be a nonsensical situations. It is far easier to simply process and complete a phone call, than to speculate on an infinite number of potentially contradictory situations which may arrise which might suggest foul-play.

There is nothing implicitly wrong with completing 2 phone calls at the same time. And while there may be cases where it makes no sense, there are so many cases where it makes sense that generaly speaking it is easier to allow it than to presume there is a problem. A call appearing on a bill for a persons cell phone may not even involve a CELL call or a cloned SIM card at all. It could be a land line which the telco wrongly associated with the cell customers phone bill. There may be nothing wrong with the CELL network at all, but a mere data entry error in the billing system.

We are first and foremost concerned with insuring that our customers (or any party which even appears to be a customer) are able to completing their phone calls. Failing to complete a good call is considered a much more serious error than erroneously ALLOWING the completion of a fraudulent call. The rule of thumb is.. when in doubt : complete the call. In fact, I would say that while our systems are 99.999% reliable, their ability to stop fraudulent phone calls is NOT 99.999%. Or at least I can say our testing and so forth in that regard has not been enough to make such a claim.

So... does my code care if you complete 65 phone calls at the same time? no. For all I know you have a service which allows you to complete 65 phone calls at the same time. And if such a service doesn't exist right today, for all I know someone will dream it up next week. It is not for me to speculate.

As a hypothetical:
If the same phone line initiated a call from 2 seperate switches simultaneously, there would be no information passed between the 2 switches to detect such an impossible situation. The difficulty of trying to insure such a check was functioning in real time exceeds the benefit.

In fact... even if we could detect such situations in real time, I would be loath to presume that it was in fact wrong. What if those 2 switches are load sharing? What if Switch A, initiated Call #1, and then experienced a problem causing calls to be routed to Switch B? I would need to think of every possible situation to insure I didn't accidentally break functionality that ought to work.

We design telephone systems to work when there are serious failures all over the network. We don't want to be the one responsible to not completing that phone call that results in someone dying or whatever.

You can pretty much assume telephone networks (to the extent that they would BLOCK a phone call which looks funny) are not bullet proof.

If some technician tells you they are, that technician doesn't know what he's talking about.

I would be amazed that a customer support person actually hung up on a customer who wanted to know about the possibility of cloning a SIM card.

Re:No, Technology isn't magic.

[Anonymous Coward]

As a person who has a Class 5 switch literally about 50 feet away from me, I can tell anybody who is interested, that yes, the phone company can tell whomever calls who. In multiple places and on mulitple levels. Regardless of what keys are pressed to block...it really doesn't matter. We have to be able to for a multitude of reasons...most of which are financial.

Re:switching the number won't work

[Anonymous Coward]

Having worked as a CSR for a major cell phone company I can say that your advise is on the money.

Despite what people think, very little information is actually available to your average CSR. When a rep says he can't access information he most likely can't.

For example. There is no way for me to know ANYTHING about an anonymous phone call except the tower used, (and therefore the location) and the duration.

These companies only give its CSRs enough information to do basic tasks, nothing more. While the records ARE there. The only people that have access are law enforcement agencies. (Who have specific channels to gain access to them)

Re:moron, eh?

[Harik]

So you're trying to tell me that phone companies blindy allow CLECS to send unknown calls into their system?

Yup. Be nice though, he's probably just wrong, not trolling. Not too long ago, I would have argued the same, until I found out how to do it.

ANI is spoofable on most switches. Trivially if you're using a digital service (ISDN or T1), less so on analog lines but still possible. Note that I'm not talking about Caller-ID here, but the ANI service that large T1/T3 customers get (NOT 800-only). The SS7 network is as badly designed as SMTP when it comes to spoofing.

The issue is that it was designed to be spoofable for common applications such as forwarding, so that the original ANI was forwarded to the new destination, rather then getting a call from yourself/your company. Of course, there's no way to distinguish from a forwarded call and a new call, so effectivly you create a new call with bogus ANI and then patch it in to the inbound call.

The other reason is DID lines need to be able to say what number is calling out. You could have hundreds or thousands of numbers all resolve to one trunk (Think any fortune-500 company), so it's the responsibility of the PBX to give the caller's ANI. As was pointed out on Schiner's blog, while you could filter ANI, the current software doesn't make it remotly practical to do so. So any DID line can spoof ANI.

Whee!

Re:It's probably the NSA

[Mistlefoot]

As an employee of a cell phone company who works in Customer Care I'll offer my two bits.

1) When you call customer care ask for and write the down the Care agents name. If they hang up on (unless you are being incredibily agressive and swearing) that information will be handy to their Supervisor. Call back and let that be known.

2) Both the IMEI number on the handset and Sim Care will be recorded. If both do not match on a disputed call this is strong evidence of cloning.

3) You have 3 way calling, you have voice mail - two calls at one time is not an anomaly in itself.

4) Ask for a Supervisor if you do not recieve care at a lower level.

5) View your online account and watch you billing daily if you think this is a cloning problem. Trying to remember a call from 5 weeks ago is not easy.

6) Don't dispute calls in general. Dispute specific calls. We can look up specific calls. Saying I have 47 billed minutes I didn't use means nothing. Saying, the call to 123-456-7890 on 6/03/06 at 2:57pm was not made by me. We can actually help with that.

7) Correspond via email instead of calling. Over the phone pressure exists to keep the lenght of the call down. Via email agents can research your issue without having to leave you on hold - the pressure for resolution in a 5 minute phone call is not there.

8) When you hear this often in a Call center you do become immune to it. People lie all the time - a popular one is "I have bad coverage" only to find out after reviewing their account that they've used 2800 minutes this month and are happy to accept a discounted handset with a 2 year deal. People with truly bad coverage do not renew for two years and have 2800 minutes usage per month. As such, it is easy for a Care agent to dismiss you without much investigation. Do not give up after 1 or 2 calls (or email). This does not mean that you are right, merely that your issue will be investigated more thoroughly the second or third time. This is normal in many businesses.

Re:No, Technology isn't magic.

[jaredcat]

That isn't entirely true. I've worked in intercarrier billing for a little while, and I have seen many cases where ANI (Automatic Number ID) is not sent by the originating carrier.

Now when you make a normal phone call from a normal world zone 1 LEC (local exchange carrier) to another world zone 1 LEC or wireless company, your LEC is almost always going to transmit that data. They don't have to do it, but they usually do it. Generally it makes it much easier for the techs and the billing people when things work this way because it lets you determine if a call is interstate/intrastate (different rate tables) or it can help you track down technical problems of all kinds.

However, not every carrier sends this information. In fact, carriers with older or less complicated equipment (think phonecard companies and small international operators) sometimes can't even send ANI if they wanted to. Maybe they don't use SS7 and are using the ANI field to an identify an internal billing code. Maybe they have incompetant switch techs who don't know how to setup the signaling correctly. There are lots of legitimate reasons why a carrier would not send out ANI.

Now for the criminals--- it is VERY EASY to spoof ANI and CLID. Many telecom scams are perpetrated this way. All it takes is for the criminal to be placing calls through a carrier which allows the customer to transmit digital signaling and then sends out whatever the customer sent to the next carrier rather than building ANI from the carrier's own customer database. Virtually all LECs let you do this if you have a T1 and a PBX. Virtually all small VoIP operators let you do this as well, so long as you have the ability to transmit the signaling to them.

So getting back to the point, your carrier isn't neccesarily lying to you when they say you got a call from 'number unavailable'. Its entirely possible for a carrier NOT to get a call without an ANI. With a little research, they may be able to tell you what carrier the call originated from, but thats about it.

Re:No, Technology isn't magic.

[avxo]

Triangulating a mobile phone to within a couple of hundred meters (frequently less than that) does not require police on foot, with three antennas. The cellular system, in order to work and not for any sinister big-brother type reason, has to track the rough relative position of a subscriber within a cell, to account for signal delay propagation.

Just to elaborate a bit about timeslots: The GSM standards require that the phone transmit only in a defined time frame: three time slots after the phone has received the data. This gives the tower a well-defined interval during which to receive the data transmitted and to ensure that transmissions by different phones are separated by at least one guard period.

But as the distance between the tower and the cell increases, the cell phone must transmit earlier and earlier to account for the increase signal propagation delay. This process is called "adaptive frame alignment" and is determined by a parameter known as the "timing advance" parameter. The TA is dynamically updated and takes values between 0 and 63 inclusive. This parameter determines how early, in microseconds, the phone has to begin transmission, to ensure that the signal reaches the tower at the correct time, and roughly locates the phone within a specific radius around the tower.

Combining this with the fact that more than one tower usually sees the phone and the information from those other towers, the GSM system can triangulate the signal to within a couple of hundred meters, easily.